--19 August 2002 NIST Warns Against Wireless LANs for Government
The National Institute of Standards and Technology (NIST) is putting
the final touches on a report that will recommend the US government
not use wireless LANs (local area networks) except in rare cases.
NIST also advises placing LAN access points where unauthorized users
cannot access them and using VPN (virtual private network) clients
and gateways.
http://www.nwfusion.com/news/2002/13...8-19-2002.html

--16 August 2002 DoD Wireless Policy Nearly Ready
The Defense Department wireless use policy should be finalized soon.
The policy will address the use of wireless devices in and around
the Pentagon. The policy will prohibit wireless connections to
classified networks or computers. Another policy submitted for formal
consideration addresses wireless devices on the global grid.
http://www.govexec.com/dailyfed/0802/081602td2.htm

--19 August 2002 DrinkOrDie Ringleader Sentenced
Christopher Tresco, who was reportedly a ringleader in the DrinkOrDie
digital piracy ring, received a 33-month sentence for "conspiracy to
violate criminal copyright laws." Tresco was a system administrator
at MIT and allegedly used university computers to distribute the
pirated content.
http://www.securitynewsportal.com/cg...=viewone&id=95

--15 August 2002 Library Site Defacer Gets 1-3 Year Prison Sentence
Christopher J. Chinnichi received a sentence of between 1 and 3
years in state prison and was ordered to pay restitution of $15,000
for twice defacing the Monroe County (NY) Library System's web site.
The site was shut down for two days after one attack and for three
weeks after the other.
http://www.democratandchronicle.com/...800_news.shtml

--14 August 2002 Princeton Admissions Dean/Hacker to be Reassigned
The Princeton University dean who hacked into a Yale University
admissions site meant only for applicants has lost his job. Stephen
LeMenager said he was only trying to test the security of the site.
Disciplinary action will be taken against other Princeton admissions
office employees. LeMenager will work in Princeton's communications
office until he is placed in another job at the university.
http://www.usatoday.com/news/nation/...-hacking_x.htm

--15 & 16 August 2002 FBI Agent Accused of Illegal Computer Access
A Russian Federal Security Service investigator has begun criminal
proceedings against an FBI agent who allegedly lured two Russian
hackers to the US, offered them jobs at a fictional company and
harvested passwords to their computer in Russia. The FBI downloaded
the evidence before they had a search warrant. The two allegedly
stole information from large US companies and from two banks, and
may be tied to the theft of credit card numbers from CD Universe and
Western Union. The agent is accused of gaining unauthorized access
to the pair's computers.
http://www.msnbc.com/news/563379.asp?0dm=T22DT
http://news.com.com/2100-1001-950719.html
http://www.theregister.co.uk/content/55/26715.html

--16 August 2002 Microsoft Funds Initiative For Software Choice
Microsoft has joined a group called the Initiative for Software
Choice, which was created after several countries, including France,
Germany and Peru passed or were considering legislation requiring
their governments to use open source software.
http://news.zdnet.co.uk/story/0,,t269-s2120759,00.html
http://www.vnunet.com/News/1134428
[Editor's Note (Northcutt): In what is probably a tempest in a teacup,
the Digital Software Security Act has been proposed to require
California state government to use open source.
http://www.usatoday.com/tech/news/te...grammers_x.htm
(Schultz) Secure software does not depend on whether it is open-
or closed-source, but rather on the quality of the development process.
(Paller): Microsoft has a valid case in asking that governments not
automatically exclude Microsoft software in favor of open source
software. However, two Microsoft pressure tactics may backfire.
The first is the company's expansive funding and subsequent control of
specific lobbying initiatives of organizations that claim to represent
far broader interests. The second is Microsoft's more direct efforts
to pressure US Department of Defense executives to halt support for SE
Linux when, in reality, the government has spent far more on projects
that help improve security of Microsoft products than on projects
that make Linux products secure.]

--16 August 2002 Think Tank Wants Linux Certified Under Common
Criteria
The Cyberspace Policy Institute at George Washington University
wants Linux to be certified under the Common Criteria, which would
allow Linux to be purchased for "sensitive government applications."
The Institute is offering to be the repository for the federally
certified Linux.
http://zdnet.com.com/2100-1104-950123.html
http://www.vnunet.com/News/1134428

--16 August 2002 NIPC Requests Quotes for Contractor Support
The National Infrastructure Protection Center (NIPC) is requesting
quotes for contractor support in identifying and predicting threats,
analyzing and assessing threat information and disseminating
information among its partners and the public. NIPC has been
criticized for being slow to issue warnings about cyber security
threats.
http://www.fcw.com/fcw/articles/2002...c-08-16-02.asp
http://newsfactor.com/perl/story/19059.html

--15 August 2002 Researchers Develop Personalized Laptop Crypto
System
Brian Noble and Mark Corner, researchers at the University of Michigan,
have developed a system that will encrypt computer data when the
computer's owner steps away from the machine. The system works by
the owner wearing a transmitter strapped on like a watch; when the
owner is a designated distance away from the computer, the data is
automatically encrypted. The wireless communication is also encrypted.
http://www.newscientist.com/news/news.jsp?id=ns99992683
[Editor's Note (Schultz): File encryption is such a two-edged sword.
It can assure confidentiality of data, but can also result in
effectively losing encrypted files. I know of several Windows 2000
users who have lost all their files due to loss or corruption of their
File Encrypting Key. And, unfortunately, key management schemes are
usually pretty inadequate.]

--15 August 2002 Variety of Anti-Virus Products Proves Helpful to
Scottish Bank
The Halifax/Bank of Scotland uses different anti-virus products at
each layer of its IT infrastructure, a strategy it says has reduced
the number of virus incidents in its systems by a factor of 10,
from 3,000 to 300 a month.
http://www.vnunet.com/News/1134385

--14 August 2002 Cyber Corps Gets an Additional $19.2 Million
President Bush signed into law a supplemental funding bill that
allocates an additional $19.2 million for the Cyber Corps: the
federal scholarship for service program in information security.
Cyber Corps also funds capacity-building programs.
http://www.fcw.com/fcw/articles/2002...r-08-14-02.asp
[Editor's Note (Schultz): This investment in cybersecurity will
undoubtedly return huge benefits in time.]

--14 August 2002 UK E-Commerce Site Removes Exposed Customer Data
Personal data belonging to about 1,700 UK Shopping City on-line
customers was exposed on a website. A UK Information Commissioner's
Office compliance manager said the unauthorized release is a
violation of the Data Protection Act. UK Shopping City has removed
the exposed customer data. The affected customers had each referred
three friends whose names and e-mail addresses were also exposed.
The managing director speculated that the problem occurred when the
company changed servers recently.
http://zdnet.com.com/2100-1106-949706.html
http://news.com.com/2100-1017-949868.html

--14 August 2002 InfraGard Members Warned About Warchalking
An FBI special agent warned Pittsburgh-area InfraGard members about
warchalking - the practice of marking the locations of wireless access
points on sidewalks and the outsides of buildings. One web site lets
wardrivers submit their information and then creates street maps that
note the access points. The agent says warchalking poses a threat
to criminal investigations. InfraGard is a partnership between the
FBI and businesses that allows them to share information about cyber
security concerns.
http://www.computerworld.com/securit...,73479,00.html

--14 August 2002 Security Certifications Down Except for Disaster
Planning and Recovery (Not!)
The number of security certifications obtained during an 8-month period
in 2002 is significantly lower than the number obtained during the same
span a year earlier, according to a Brainbench Cyber IQ Defense Report.
The trend affects all areas except disaster planning and recovery
certifications, which are up 90% over last year.
http://www.ntsecurity.net/Articles/I...rticleID=26262
[Editor's Note (Murray): CISSP certifications and still growing.
(Northcutt) After reading this story, and seeing fellow Editor Bill
Murray's comment that the CISSP was continuing to grow, I checked
the GIAC certification numbers: They have grown substantially in the
past year. So it was obvious something was wrong with this story.
I contacted Eileen Townsend, one of the principal authors of the
technical report on which this article is based, and she told me that
the only source of data was the number of people taking their own
Brainbench tests. Lower numbers of people using their service does
not mean fewer people are attempting to earn security certifications.]

--13 August 2002 Burma to Test Passports with Embedded Chips
Burma will test an electronic passport system. As part of the 5,000
person pilot program, diplomats and some business people will receive
passports with embedded microchips that contain personal information
like fingerprints and photographs.
http://news.bbc.co.uk/1/hi/world/asi...ic/2191883.stm

--13 August 2002 Crackers are Targeting Security Professionals
A hacker group called "e18" appears to be targeting security
professionals. The group may be responsible for a Trojan that
infected OpenBSD code. The group has intercepted e-mail, stolen
files from people's computers and published the personal documents
in their e-zine. The group is unhappy with the fact that security
professionals publish vulnerabilities.
http://www.wired.com/news/technology...,54400,00.html

Unhappy that vulnerabilities are being published? Yet they are using them to do malicious activities? Idiots...

--13 & 14 August 2002 Digital Pearl Harbor Simulation
The US Naval War College and Gartner Research teamed up to conduct a
"Digital Pearl Harbor" simulation. Analysts concluded that cyber
terrorists could do serious damage to US critical infrastructure,
but they would require five years of preparation time and significant
amounts of money and intelligence. Recovery from the attacks would
be difficult because there are no early warning systems for cyber
attacks and no organized response to them.
http://news.com.com/2100-1017-949605.html
http://www.theregister.co.uk/content/55/26675.html

--12 August 2002 Virus Activity Down
Explanations offered for the decline in virus activity over the past
year include improved anti-virus software, more secure systems and
new laws that assign stiffer penalties for hacking and the like,
including life in prison. Some warn that people should not get
complacent; virus activity will pick up again.
http://www.reuters.com/news_article....toryID=1318312
[Editor's Note (Schultz): This is a fascinating statistic. If it holds
over time, it will represent a genuine victory for the information
security arena.]